- Notifications
You must be signed in to change notification settings - Fork927
Don't use parameters to pass secrets to GCP or AWS#2039
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
Signed-off-by: Spike Curtis <spike@coder.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I think this will simplify things a lot, thanks.
| The way these generally work is via the credentials being available to Coder either in some | ||
| well-known location on disk (e.g. `~/.aws/credentials` for AWS on posix systems), or via | ||
| environment variables. It is usually sufficient to authenticate using the CLI or SDK for the | ||
| cloud provider before running Coder for this to work, but check the Terraform provider | ||
| documentation for details. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Appreciate the detail here 👍🏼
| ## Authentication | ||
| This template assumes that coderd is run in an environment that is authenticated | ||
| with AWS. For example, run `aws configure import` to import credentials on the | ||
| system and user running coderd. For other ways to authenticate [consult the | ||
| Terraform docs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Currently, this isn't really be visible when creating a template viacoder templates init. I added a mock "variable" in the Docker example, but I'm not really happy with this.
Any ideas? Perhaps it's also fair to rely on the default Terraform errors (+ these docs) to warn users.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Yeah, I don't like the idea of hijacking parameters to guide end users. If we can't expect users to read the README in the examples, and want do do some handholding, we should build out a guidedtemplate init
* Don't use parameters to pass secrets to GCP or AWSSigned-off-by: Spike Curtis <spike@coder.com>* Fix fmtSigned-off-by: Spike Curtis <spike@coder.com>
First of several PRs for#1967
This updates the AWS and GCP templates. I'd like to also do Kubernetes and Digital Ocean, but I'll need to chase down credentials and/or a test cluster, so let's not block this PR on that.